|
|
@ -27,8 +27,6 @@ func AsWireguardInterfaceID(ring rings.RingID) (WireguardInterfaceID, error) { |
|
|
|
switch ring { |
|
|
|
switch ring { |
|
|
|
case rings.RingZeroID: |
|
|
|
case rings.RingZeroID: |
|
|
|
return 0, nil |
|
|
|
return 0, nil |
|
|
|
case rings.RingOneID: |
|
|
|
|
|
|
|
return 1, nil |
|
|
|
|
|
|
|
default: |
|
|
|
default: |
|
|
|
return 0, ErrInvalidRing(ring) |
|
|
|
return 0, ErrInvalidRing(ring) |
|
|
|
} |
|
|
|
} |
|
|
@ -148,17 +146,9 @@ var ( |
|
|
|
Decode: rings.DecodeRingZeroAddress, |
|
|
|
Decode: rings.DecodeRingZeroAddress, |
|
|
|
Encode: rings.RingZeroAddress, |
|
|
|
Encode: rings.RingZeroAddress, |
|
|
|
} |
|
|
|
} |
|
|
|
// RingOne is a wg1 address encoder/decoder
|
|
|
|
|
|
|
|
RingOne = RingAddressEncoder{ |
|
|
|
|
|
|
|
ID: rings.RingOneID, |
|
|
|
|
|
|
|
Port: RingOnePort, |
|
|
|
|
|
|
|
Decode: rings.DecodeRingOneAddress, |
|
|
|
|
|
|
|
Encode: rings.RingOneAddress, |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
// Rings provides indexed access to the ring address encoders
|
|
|
|
// Rings provides indexed access to the ring address encoders
|
|
|
|
Rings = []RingAddressEncoder{ |
|
|
|
Rings = []RingAddressEncoder{ |
|
|
|
RingZero, |
|
|
|
RingZero, |
|
|
|
RingOne, |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
@ -201,61 +191,17 @@ func (r *Ring) AddPeer(p *Machine) bool { |
|
|
|
}, |
|
|
|
}, |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
switch { |
|
|
|
|
|
|
|
case r.ID == rings.RingZeroID: |
|
|
|
|
|
|
|
r.setRingZeroAllowedIPs(rp) |
|
|
|
r.setRingZeroAllowedIPs(rp) |
|
|
|
case p.IsGateway(): |
|
|
|
|
|
|
|
r.setRingOneGatewayAllowedIPs(rp) |
|
|
|
|
|
|
|
default: |
|
|
|
|
|
|
|
r.setRingOneNodeAllowedIPs(rp) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
r.Peers = append(r.Peers, rp) |
|
|
|
r.Peers = append(r.Peers, rp) |
|
|
|
return true |
|
|
|
return true |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) { |
|
|
|
func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) { |
|
|
|
regionID, zoneID, _, _ := r.Decode(rp.Address) |
|
|
|
// ring0 peer
|
|
|
|
|
|
|
|
|
|
|
|
// everyone on ring0 is a gateway to ring1
|
|
|
|
|
|
|
|
subnet, _ := rings.RingOnePrefix(regionID, zoneID) |
|
|
|
|
|
|
|
rp.AllowSubnet(subnet) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// peer
|
|
|
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) { |
|
|
|
|
|
|
|
regionID, zoneID, _, _ := r.Decode(rp.Address) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// peer
|
|
|
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
|
|
|
|
|
|
|
// ring1 gateways connect to all other ring1 networks
|
|
|
|
// everyone on ring0 has a leg on ring1
|
|
|
|
r.ForEachZone(func(z *Zone) bool { |
|
|
|
rp.AllowCIDR(rp.Node.RingOneAddress(), 32) |
|
|
|
if !z.Is(regionID, zoneID) { |
|
|
|
|
|
|
|
subnet := z.RingOnePrefix() |
|
|
|
|
|
|
|
rp.AllowSubnet(subnet) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return false |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ring1 gateways also connect to all ring0 addresses
|
|
|
|
|
|
|
|
r.ForEachZone(func(z *Zone) bool { |
|
|
|
|
|
|
|
z.ForEachMachine(func(p *Machine) bool { |
|
|
|
|
|
|
|
if p.IsGateway() { |
|
|
|
|
|
|
|
addr, _ := p.RingZeroAddress() |
|
|
|
|
|
|
|
rp.AllowCIDR(addr, 32) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return false |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
return false |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func (*Ring) setRingOneNodeAllowedIPs(rp *RingPeer) { |
|
|
|
|
|
|
|
// only to the peer itself
|
|
|
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// ForEachMachine calls a function for each Machine in the ring
|
|
|
|
// ForEachMachine calls a function for each Machine in the ring
|
|
|
|